CLAIMS

What is claimed is:

1. A sub-manager (20) for interfacing between a network management system (22) and a plurality of clients (18), each of such clients (18) being served by a firewall (16), the sub-manager (20) comprising:

a network management agent (25) for exchanging master network management messages (190) with the network management system (22);

a connections module (24) for establishing a network connection (45) with each of the plurality of clients (18);

a message handling module (26) for:

receiving a master network management request message (170) from the network management system (22), the master network management request message (170) including a plurality of master object identifiers (182), each master object identifier (182) comprising a client identifier (46) that identifies a particular one of the clients (18) and a variable portion (210) that identifies a variable value (44) within a client management information base (34);

generating at least one client network management request message (172), each client network management request message (172) including a client object identifier (188) that identifies the variable value (44) within the client management information base (34);

providing each client network management request message (172) to the particular one of the clients (18) identified by the client identifier (46) over the network connection (45) established with such particular one of the clients (18);

receiving a client response message (206) from each of the particular one of the clients (18) to which a client network management message (172) was provided, each client response message (206) including the client object identifier (188) and the variable value (44);

aggregating each client response message (206) to generate a master response message (192), the master response message (192) including the plurality of master object identifiers (182) and each master object identifier (182) comprising the client identifier (46) and the variable value received in the client response message (206); and

providing the master response message (192) to the network management system (22).

2. The sub-manager (20) of claim 1, wherein the variable portion (210) of the master object identifier (182) is the client object identifier (188).

3. The sub-manager (20) of claim 1, wherein:

each connection (45) is a TCP/IP connection that is established with a client (18), through the firewall (16) serving such client (18) in response to receiving a connection request initiated by such client (18);

the connections module (24) further records, in an active connections table (28), for each connection (45), a client connection identifier (48) in association with the client identifier (46) identifying the client (18) that initiated the connection (45); and

a device state machine provides the client network management request message (172) to the particular one of the clients (18) by providing the client network management request (172) over the connection (45) that associates with the particular one of the clients (18) in the active connections table (28).

4. The sub-manager (20) of claim 3, wherein the client connection identifier (48) is a source IP address (50) and a source port number (52) obtained from a TCP/IP frame initiated by the client (18) with which the connection (45) is established.

5. The sub-manager (20) of claim 1 wherein the device state machine further provides for:

periodically receiving a heart beat message (113) from the client (18) over the connection (45); each heart beat message (113) including the client identifier (46) and a time interval (114) between the heart beat message (113) and a subsequent heart beat message (113);

updating the client connection identifier (48) in the active connection table (28) if the source IP address (50) or the source port number (52) obtained from the heart beat message (113) differs from that of a previous heart beat message (113);

providing a heart beat acknowledgement message (112) to the client (18) over the connection (45); and

determining that the connection (45) is inactive if a time period in excess of the time interval (114) elapses during which a subsequent heart beat message (113) has not been received.

6. The sub-manager (20) of claim 5, wherein the master response message (192) includes an indication that the value (44) does not exist if the value (44) is associated with a master object identifier (182) that includes a client identifier (46) associated with a client (18) with which the connection (45) is inactive.

7. The sub-manager (20) of claim 1, wherein:

the master network management request message (172) comprises at least two master object identifiers (182), each master object identifier (182) comprising a client identifier (46) that is unique from the client identifier (46) of at least one other master object identifier (182);

8. The sub-manager (20) of claim 1, wherein the message handling module (26) further provides for:

receiving an asynchronous client Trap message (220) initiated by client (18) over the connection (45) established with the client (18), the asynchronous client Trap message (220) including a client object identifier (188) and a variable value (44) associated with the client object identifier (188);

identifying the client (18) that initiated the asynchronous client Trap message (220); and

generating an asynchronous master Trap message (194) and providing the asynchronous master Trap message (194) to the network management system (22), the asynchronous master Trap message (194) including the value (44) and a master object identifier (182), the master object identifier (182) including a client identifier (46) identifying the client (18) that initiated the asynchronous client Trap message (22) and a variable portion (210) identifying the variable value (44).

9. The sub-manager (20) of claim 8, wherein the variable portion (210) of the master object identifier (182) is the client object identifier (188).

10. A method of interfacing between a network management system (22) and a plurality of clients (18), each of such clients (18) being served by a firewall (16), the method comprising:

establishing a connection (45) with each of the plurality of clients (18);

receiving a master network management request message (170) from the network management system (22), the master network management request message (170) including a plurality of master object identifiers (182), each master object identifier (182) comprising a client identifier (46) that identifies a particular one of the clients (18) and a variable portion (210) that associates with a variable value (44) within a client management information base (34);

generating at least one client network management request message (172), the client network management request message (172) including a client object identifier (188) that identifies the variable value (44) within the client management information base (34);

providing each client network management request message (172) to the particular one of the clients (18) identified by the client identifier (46) over the network connection (45) established with such particular one of the clients (18);

receiving a client response message (206) from each of the particular one of the clients (18) to which a client network management message (172) was provided, each client response message (206) including the client object identifier (188) and the variable (44);

aggregating each client response message (206) to generate master response message (192), the master response message (192) including the plurality of master object identifiers (182) and each master object identifier (182) comprising the client identifier (46) and the variable value (44) received in the client response message; and

providing the master response message to the network management system (22).

11. The method of claim 10, wherein the variable portion (210) of the master object identifier (182) is the client object identifier (188).

12. The method of claim 10, wherein:

each connection (45) is a TCP/IP connection established with a client (18), through the firewall (16) serving such client (18), in response to receiving a connection request initiated by such client (18);

the method further comprises recording in an active connections table (28), for each connection (45) established, a client connection identifier (48) in association with the client identifier (46) identifying the client (18) that initiated the connection (45); and

the step of providing each client network management request message (172) to the particular one of the clients (18) comprises providing each client network management request (172) over the connection (45) that associates with the particular one of the clients (18) in the active connections table (28).

13. The method of claim 12, wherein the client connection identifier (48) is a source IP address (50) and a source port number (52) obtained from a TCP/IP frame initiated by the client (18) with which the connection (45) is established.

14. The method of claim 10 further comprising:

periodically receiving a heart beat message (113) from the client (18) over the connection (45); each heart beat message (113) including the client identifier (46) and a time interval (114) between the heart beat message (113) and a subsequent heart beat message (113);

updating the client connection identifier (48) in the active connection table (28) if the source IP address (50) or the source port number (52) obtained from the heart beat message (113) differs from that of a previous heart beat message (113);

providing a heart beat acknowledgement message (112) to the client (18) over the connection (45); and

determining that the connection (45) is inactive if a time period in excess of the time interval (114) elapses during which a subsequent heart beat message (113) has not been received.

15. The method of claim 14, wherein the master response message (192) includes an indication that the value (44) is unavailable if an open connection (45) does not exist with the particular one of the clients (18).

16. The sub-manager (20) of claim 10, wherein:

the master network management request message (172) comprises at least two master object identifiers (182), each master object identifier (182) comprising a client identifier (46) that is unique from the client identifier (46) of at least one other master object identifier (182);

17. The method of claim 10, further comprising:

receiving an asynchronous client Trap message (220) from a client (18) over the connection (45) established with the client (18), the asynchronous client Trap message (220) including a client object identifier (188) and a variable value (44) associated with the client object identifier (188);

identifying the client (18) that initiated the asynchronous client Trap message (220);

generating an asynchronous master Trap message (194) and providing the asynchronous master Trap message (194) to the network management system (22), the asynchronous master Trap message (194) including the variable value (44) and a master object identifier (182), the master object identifier (182) including a client identifier (46) identifying the client (18) that initiated the asynchronous client Trap message (22) and a variable portion (210) identifying the variable value (44).

18. The method of claim 17, wherein the variable portion (210) of the master object identifier (182) is the client object identifier (188).
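
The request fan-out and aggregation of claims 1 and 10, together with the heart beat liveness rule of claims 5, 6, 14 and 15, can be modelled as follows. This is an added illustration, not code from the patent or its applicant. It assumes a master object identifier written as the client identifier followed by a dot and the client object identifier; the `SubManager` class, the `send` callback and the `NO_SUCH_VALUE` marker are hypothetical names, and no real SNMP encoding or sockets are used.

```python
import time

NO_SUCH_VALUE = "no-such-value"  # placeholder marker for "value does not exist"


class SubManager:
    """Toy model of the claimed sub-manager (assumed encoding, no real SNMP)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.active = {}  # client id -> {"conn": (src_ip, src_port), "deadline": t}

    def heartbeat(self, client_id, src, interval):
        # (Re)bind the client to the source address seen on this heart beat
        # and expect the next heart beat within `interval` seconds.
        self.active[client_id] = {"conn": src, "deadline": self.clock() + interval}
        return ("heartbeat-ack", client_id)

    def is_active(self, client_id):
        entry = self.active.get(client_id)
        return entry is not None and self.clock() <= entry["deadline"]

    def handle_master_request(self, master_oids, send):
        # Split each master OID into client identifier + client OID.
        per_client = {}
        for oid in master_oids:
            client_id, _, client_oid = oid.partition(".")
            per_client.setdefault(client_id, []).append((oid, client_oid))
        # One client request per live client, over its recorded connection.
        values = {}
        for client_id, pairs in per_client.items():
            reply = {}
            if self.is_active(client_id):
                conn = self.active[client_id]["conn"]
                reply = send(conn, [client_oid for _, client_oid in pairs])
            for oid, client_oid in pairs:
                values[oid] = reply.get(client_oid, NO_SUCH_VALUE)
        # Aggregate into one master response, in the order requested.
        return [(oid, values[oid]) for oid in master_oids]
```

Here `send(conn, client_oids)` stands in for the exchange over the established connection and returns a mapping from client object identifier to value.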